Cyberattack hits Ascension hospitals' computer networks: 'It's affecting everything'

Kristen Jordan Shamus
Detroit Free Press

Ascension hospitals in Michigan and across the U.S. were hit Wednesday by a cyberattack that disrupted the health system's computer network and continued to affect its clinical operations Thursday morning, leading the nonprofit, St. Louis-based health system to urge its business partners to sever online connections to its system.

"We detected unusual activity on select technology network systems, which we now believe is due to a cyber security event," Ascension said in a statement posted on its website. "At this time we continue to investigate the situation. We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems has been interrupted as this process continues.

"Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible. There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption."

With computers offline, 'It's like the 1980s or 1990s'

Employees noticed the computer network problems about 7 a.m. Wednesday, said three workers who spoke on the condition of anonymity out of fear of job repercussions.

"There was a security concern, so they shut down the system," one physician told the Free Press. "It's affecting everything."

Another Ascension Michigan doctor said: "We have no access to medical records, no access to labs, no access to radiology or X-rays, no ability to place orders.

"We have to write everything on paper. It's like the 1980s or 1990s. You go to the X-ray room to look at the X-rays on film, you call the lab, they tell you what the results are over the phone. So it's just much more cumbersome, but we do have training for these moments."

A nurse told the Free Press on Wednesday evening that Ascension hospitals were still accepting patients by ambulance who were medically unstable and in need of lifesaving treatment. But those who were more stable and could be taken to other nearby hospitals for care were diverted because of the computer network outage.

"I just hope it doesn't last very long because certainly patient care will be negatively impacted," a physician said. "The data shows that during computer network downtime, your risk of an adverse event goes up."

Ascension said it is working with Mandiant, a cybersecurity consulting company, to investigate and help determine what information, if any, was compromised in the cyberattack.

"Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines," Ascension said in a statement.

Attack comes as Ascension aims to spin off Michigan hospitals

A Catholic health system, Ascension has 140 hospitals and 40 senior care facilities across 19 states and the District of Columbia. It reported in May that it had 134,000 employees.

In Michigan, the health system operates 15 acute-care hospitals, but is in the midst of trying to close deals that would split off eight of its southeastern Michigan hospitals and combine them with Detroit-based Henry Ford Health. Additionally, three of its hospitals in mid-Michigan and northeastern Michigan, along with a stand-alone emergency center and nursing home, are to be acquired by Midland-based MyMichigan Health.

Photo: Ascension St. John Hospital in Detroit, left, and MyMichigan Medical Center Sault in Sault Ste. Marie.

If those deals are completed, only the following Ascension Michigan hospitals will remain as part of the health system's national holdings:

  • Ascension Allegan Hospital in Allegan
  • Ascension Borgess Hospital in Kalamazoo
  • Ascension Borgess-Lee Hospital in Dowagiac
  • Ascension Borgess-Pipp Hospital in Plainwell

Breaches threaten protected health information, more

Cyberattacks are becoming increasingly common in health care, often affecting protected health information along with other data, such as account numbers, Social Security numbers, phone numbers and addresses.

In April, Cherry Street Services Inc., also known as Cherry Health, alerted 180,747 Michigan residents that their personal information had been compromised in a ransomware attack that occurred on Dec. 21.

"Third-party forensic experts were retained to assist in an investigation of the nature and scope of the breach," said Danny Wimmer, press secretary for state Attorney General Dana Nessel. "While unable to pinpoint (the) root cause of the breach, through the investigation Cherry was able to discern the types of data compromised: full name, address, date of birth, phone number, health insurance information, patient ID number, provider name, service date, diagnosis/treatment information, prescription information, financial account information and/or Social Security Numbers, and the identity of the persons impacted."

That's not all.

More than 1 million Michiganders were affected by a cybersecurity breach at Welltok Inc., a software company contracted to provide communication services for Corewell Health's southeastern Michigan properties along with a healthy lifestyle portal for Priority Health, an insurance plan owned by Corewell. Though the breach occurred in May 2023, it wasn't until November 2023 that people were notified.

A ransomware attack took down the computer network at McLaren Health Care's 14 Michigan hospitals in late August and early September 2023, affecting about 2.5 million patients. The health system acknowledged that it also could have leaked some patient data onto the dark web. A ransomware gang known as BlackCat/AlphV claimed responsibility for the cyberattack, posting online that it stole 6 terabytes of McLaren's data.

And in late August 2023, the University of Michigan shut down its campus computer network after a hacker got access to the personal information of students and applicants, alumni and donors, employees and contractors, as well as the personal health information of research study participants, and patients of the University Health Service and the School of Dentistry.

Contact Kristen Shamus: kshamus@freepress.com.